Medium severity4.7NVD Advisory· Published Mar 8, 2017· Updated May 13, 2026

CVE-2017-0497

Description

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Android Mediaserver allows a specially crafted file to cause device hang or reboot, affecting Android 7.0 and 7.1.1.

Vulnerability

A denial of service vulnerability exists in the Mediaserver component of Android versions 7.0 and 7.1.1. The bug can be triggered by a specially crafted file, leading to a device hang or reboot. The issue is rated as Moderate because it requires an uncommon device configuration to be exploitable. [1][2]

Exploitation

An attacker needs to deliver a specially crafted file to the target device, which when processed by Mediaserver causes the denial of service. No authentication or special privileges are required beyond the ability to introduce the file (e.g., via a malicious app or web content). The uncommon device configuration may involve specific hardware or software settings that make the code path reachable. [1][2]

Impact

Successful exploitation results in a denial of service, causing the device to hang or reboot. This disrupts device availability and may lead to temporary loss of functionality. No data confidentiality or integrity impact is reported. [1][2]

Mitigation

The vulnerability is addressed in the Android security patch level of 2017-03-05, as part of the March 2017 Security Bulletin. Users should ensure their devices receive the update. No workarounds are documented. [1][2]

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Android4 versions
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
- (no CPE)range: Android-7.0
Google/mediaserverllm-fuzzy
Range: <=7.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

source.android.com/security/bulletin/2017-03-01.htmlnvdVendor Advisory
www.securityfocus.com/bid/96795nvd
www.securitytracker.com/id/1037968nvd
source.android.com/security/bulletin/2017-03-01nvd

News mentions

No linked articles in our index yet.

cvss	0.306
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000